Dr.Web wouldn’t crack

Discussion in 'other anti-virus software' started by pjb024, Nov 12, 2009.

Thread Status:
Not open for further replies.
  1. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Dr.Web wouldn’t crack

    November 9, 2009

    The Dr.Web anti-virus from Doctor Web turned out to be the only one out of 7 widely used anti-virus programs that wouldn’t give in to participants of the International Alternative Workshop on Aggressive under the aegis of the ESIEA.

    The first (International Alternative Workshop on Aggressive Computing and Security was held on October 23-25 in Laval, France. As a part of the event seven anti-viruses were tested to determine if their self-protection could be disabled in sixty minutes. Anti-viruses were tested on Windows machines and testers had administrator’s privileges in the systems.

    The test showed that self-protection of anti-viruses from such vendors as Kaspersky Lab and Eset could be disabled in 40 and 33 minutes respectively while the defence mechanism of Norton Antivirus would break much sooner, in 4 minutes. The McAfee anti-virus was the quickest to fall and surrendered to testers in 2 minutes. AVG and G Data anti-virus solutions also failed to pass the test. Russian Dr.Web was the only anti-virus that wasn’t disabled in sixty minutes. All vendors that participated in the testing received information about vulnerabilities found in their products.
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    They are so good you cant even uninstall it.! :ninja:
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  4. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Yes I know about ntunldr aka EP_X0FF. He needs to move on and stop feeling so bitter o_O

    That still doesn't address the failure of some other so called top AV's.
     
  5. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Really! I have never had any problems and I'm always installing and uninstalling AV's as I test them. Dr.Web uninstalls ok for me.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Dr.Web wouldn’t crack

    Eh?..did you read the thread :)
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    was Avira or Avast tested in this?
     
  8. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    I can kill Dr. Web in less then 8 Sec...... Hit the power button. That's about as valid as that article is lol. :D

    I miss Dr. Web in tests........ Norman has had the last position for to long. :doubt:
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Dr.Web wouldn’t crack

    Here pdf

     
  10. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thx for the link.
     
  11. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Actually it's quite funny....on their russian news/pr website, they declare themselves as the only unhackable av in the world....quite funny where there is actually a nice tool called SpiDie that kills in in a few seconds.

    If you have admin access then there is no such thing as an "unhackable" av...you can make it harder, but not make it "proof"...

    http://rootkit.com/blog.php?newsid=974
     
  12. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    As a long time Dr.Web user I would like to see news about 64-bit version, quarantine, better user interface and something to improve detection of malware.

    They have started to add more signatures. Usually it was around 300-700 per day but now it's regularly many thousands per day except for weekends. I believe they have moved from completely manual analyzing to using an automated system+manual analyzing. This was not mentioned in any news and since they don't get tested anymore we can't see in percentages if it improves anything.
     
  13. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Personally, I don't see how this is supposed to be an achievement. In fact, it actually makes me leery of DrWeb.

    The right way to protect an antivirus - or any other process/driver, for that matter - is to restrict the privileges of all other non-critical processes, and anything that can entrench itself so firmly into the OS that it can't even be removed by admin users is digging waaaay too deep for my liking.
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i do have to agree.
     
  15. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Nice is not a word I would choose to use for malware even if it is labelled as proof of concept to protect the author. Have you tried it against the latest protection? o_O
     
    Last edited: Nov 13, 2009
  16. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Yes I agree with you. I can't read the Russsian forums (easily) and there is little information in the English forum. For some reason they don't like to give out much information on where the product is going. When asked about the long awaited new GUI (which I really don't care about) it is always 'coming soon'. I don't see the GUI as an issue, more of a nice to have, but yes it would be good to be able to judge where they are now in relation to detection of malware and how good their heuristics and origins tracing is against zero day. Proper handling of quarantine would be a plus point and that is also 'coming soon' but no committed date. 64-bit is in beta and they already support Windows 7 so something is happening even if they don't like to keep us well informed.

    I keep moving away from Dr.Web and trying other products but no other AV ever feels right and I always end up coming back. Maybe when the new GUI is in place I will feel that the product has been spoiled and is much like all the other glitzy looking but irritating products that are out there. But if it keeps its character and doesn't just become one of the crowd then I'll probably stay with it while ever it keeps me protected, which it has done up until now.
     
  17. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Malware, come on pjb024.

    Actually I was quite surprised DrWeb added to virus database and agree with what EP was saying at sysinternals forums - it doesn't fix the hole.
     
  18. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Yes, some vendors will detect it as malware. If the code is automated a bit, then it could well be used as part of a malware package. But in this case the author is pointing out some mistakes in Dr.Web claims that they are "unhackable" and that DrW can be unloaded from usermode with relative ease.

    The PDF inside the archive contains additional info, and the exe is harmless unless you are running Dr.Web and do not want it to be terminated. In any other case it will just check if Dr.Web is installed and error out.

    Yes, it is crude and contains the usual 1337 hacker BS but the technical info is sound.
     
  19. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    I agree that if there is a vulnerability that can be exploited then they have to find a way to remove the vulnerability rather than attempt to detect malicious code. Adding to the virus database doesn't fix the underlying problem.
     
  20. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Isn't the author an ex employee of Dr.Web?

    I do think that it was folly for Dr.Web to claim invincibility as no product will ever be invincible and there will always be some way to circumvent any security system. If they had simply said that they had done rather well in a test of self protection against several other top AV vendors then maybe the claim would have been received more positively. Clearly they are not invincible but in comparison to the other products tested they did ok.
     
  21. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Where did they claim anything about being invincible? They only made news about them having success in some test like all the other vendors do.

    " If they had simply said that they had done rather well in a test of self protection against several other top AV vendors then maybe the claim would have been received more positively. "

    .. I believe this was exactly what they did in the news. I can't find the "invincible/unbeatable" part.
     
  22. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Here: http://news.drweb.com/show/?i=678&c=5&p=0 (it probably redirects you to the english ver, but russian ver is below. Title reads "Dr. Web recognised as the only "unhackable" antivirus in the world")

     
  23. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Completely different news in English vs. Russian. Nothing "wrong" or aggressive in the English version. It just stated that Dr.Web was the last product standing without any stupid claims.
     
  24. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    And that was against some high profile competitors, some of who failed miserably ;)
     
  25. Soujirou

    Soujirou Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    62
    This could be a very stupid question, but are they testing what you can do remotely or if you have physical access in the computer?
     
Thread Status:
Not open for further replies.